SnykCon 2020 has ended
Back To Schedule
Thursday, October 22 • 14:20 - 14:40
The Impact of DevSecOps Quantified

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
What if I could tell you the three application security practices whose adoption would most lower risk? What if I could also quantify the impact that each practice would have on your outcomes? Imagine being able to focus your entire organization (and your limited budget) on these three things rather than have your efforts spread across dozens of practices. Imagine how different the conversation with engineering teams and budget approvers will be if you can present research that shows just how important these three things are compared to other things you could invest in.

This talk is a presentation of research that quantifies the impact that various DevSecOps software security practices have on security risk outcomes. We have data from 200 different teams in the technologically and process diverse environment inside Comcast. We've tracked this data over time as teams have adopted practices like secure coding training, threat modeling, pen testing, SAST/IAST/SCA tool usage, security code review, etc. We have then correlated outcomes like network vulnerability to not only determine which practices have the most impact but to quantify how much of an impact each has.

avatar for Larry Maccherone

Larry Maccherone

DevSecOps Transformation, Contrast
Larry Maccherone is an industry-recognized thought leader on DevSecOps, Lean/Agile, and Analytics. He currently leads the DevSecOps transformation at Comcast. Previously, Larry led the insights product line at Rally Software where he published the largest ever study correlating development... Read More →

Thursday October 22, 2020 14:20 - 14:40 BST
Main Track